Apr 15
The quarterly Oracle CPU hit the streets on Tuesday, 14 April, and patches 16 vulnerabilities in the Oracle RDBMS, including a remotely accessible exploit of the listener without authentication. Oddly this only scored a 5.0 on the CVSS v2.0. There was an 8.5 CVSS-scored vulnerability in Resource manager that was patched. It has been speculated that this vulnerability could be exploited by SQL Injection, but the high score seems odd. I’ll keep looking for details on this item.